AMENDMENT UNDER 37 C.F.R. 1.116 - EXPEDITED PROCEDURE 

Serial Number: 10/022,592 
Filing Date: December 13, 2001 

Title: A METHOD FOR ASSEMBLING AUTHORIZATION CERTIFICATE CHAINS FOR SIGNED XML 



IN THE CLAIMS 

Please amend the claims as follows. 

1. (Currently Amended) A method, comprising: 

storing, by a client, at least one first certificate from an authorizer; 

storing, by the client, a universal resource identifier (URI) associated with both the at 
least one first certificate and a third party; 

providing, by the client to the third party, at least one second certificate and the universal 
resource identifier (URI); and 

providing, by the client directly to the authorizer, the at least one first certificate, directly 
in response to the authorizer accessing the universal resource identifier (URI); 

wherein the client retains control over the third party's use of the at least one first 
certificate. 

2. (Original) The method as recited in claim 1, further comprising: 

providing, by the client to the third party, a third certificate with a short-term usage, upon 
demand by the authorizer. 

3. (Original) The method as recited in claim 2, wherein the third certificate is a one-time use 
certificate. 

4. (Original) The method as recited in claim 1, further comprising: 

authenticating, by the client, the authorizer, upon the authorizer accessing the universal 
resource identifier (URI). 

5. (Previously Presented) The method as recited in claim 1, further comprising: 

limiting, by the client, the third party's use of the at least one first certificate. 




Dkt: 884.501 US 1 




6. (Previously Presented) The method as recited in claim 1, further comprising: 

tracking, by the client, the third party's use of the at least one first certificate. 

7. (Previously Presented) The method as recited in claim 1, wherein the contents of the at 
least one first certificate are not revealed to the third party. 

8. (Currently Amended) The method as recited in claim 1, further comprising: 

revoking, by the client, the third party's delegated ability to use the at least one first 
certificate, upon the authorizer accessing the universal resource identifier (URI), wherein the 
revoking of the third party's ability to use the at least one first certificate is performed by the 
client not providing the at least one first certificate. 

determining by the client, upon the authorizer accessing the universal resource identifier 
(URI), that the third party's delegated ability to use the at least one first certificate is not 
authorized; and 

not providing the first certificate, by the client to the authorizer, the at least one first 
certificate. 

9. (Currently Amended) A tangible machine accessible medium, with instructions thereon, 
which when processed by a machine direct the machine to perform a method comprising: 

receiving, by a client, a first certificate from an authorizer; 

generating, by the client, a universal resource identifier (URI) associated with both the 
first certificate and a third party; 

providing, by the client to the third party, a second certificate and the universal resource 
identifier (URI); and 

providing, by the client directly to the authorizer, the first certificate, directly in response 
to the authorizer accessing the universal resource identifier (URI), upon the third party providing 
the second certificate and universal resource identifier (URI) to the authorizer. 

10. (Currently Amended) The machine accessible medium recited in method of claim 9, 
wherein the third party provides the second certificate and universal resource identifier (URI) to 
the authorizer in an Extensible Markup Language (XML) signature. 

11. (Currently Amended) The machine accessible medium recited in method of claim 10, 
wherein the first and second certificates are Simple Public Key Infrastructure (SPKI) certificates. 

12. (Currently Amended) The machine accessible medium recited in method of claim 9, further 
comprising: 

granting access to the third party, wherein the granting is performed by the authorizer and 
allows the third party to access a protected resource of the authorizer. 

13. (Currently Amended) The machine accessible medium recited in method of claim 9, further 
comprising: 

tracking, by the client, at least one use of the second certificate. 

14. (Currently Amended) The machine accessible medium recited in method of claim 9, further 
comprising: 

revoking, by the client, the second certificate. 



15-20. (Canceled) 



